Secure context
This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
authenticatorSelection, an optional property of the PublicKeyCredentialCreationOptions dictionary, is an object giving criteria to filter out the authenticators to be used for the creation operation.
Syntax
authenticatorSelection = publicKeyCredentialCreationOptions.authenticatorSelection
Value
An object with the following properties:
authenticatorAttachment Optional
- A string which is either "platform" or "cross-platform". The former describes an authenticator which is bound to the client and which is generally not removable. The latter describes a device which may be used across different platforms (such as a USB or NFC device).
requireResidentKey Optional
- A boolean which indicates that the credential private key must be stored in the authenticator, the client or in a client device. The default value is false.
userVerification Optional
- A string qualifying how the user verification should be part of the authentication process. The values may be:
  - "required": user verification is required; the operation will fail if the response does not have the UV flag (as part of the authenticatorData property of AuthenticatorAttestationResponse.attestationObject).
  - "preferred": user verification is preferred; the operation will not fail if the response does not have the UV flag (as part of the authenticatorData property of AuthenticatorAttestationResponse.attestationObject).
  - "discouraged": user verification should not be employed, so as to minimize the user interaction during the process.

  The default value is "preferred".
The authenticator used for the creation of the public key credential must comply with the requirements.
Note: See PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable(), which resolves to true when a user-verifying platform authenticator is available.
Examples
```js
var publicKey = {
  authenticatorSelection: {
    authenticatorAttachment: "cross-platform",
    requireResidentKey: true,
    userVerification: "required"
  },
  challenge: new Uint8Array(26) /* this actually is given from the server */,
  rp: {
    name: "Example CORP",
    id: "login.example.com"
  },
  user: {
    id: new Uint8Array(26), /* To be changed for each user */
    name: "jdoe@example.com",
    displayName: "John Doe",
  },
  pubKeyCredParams: [ { type: "public-key", alg: -7 } ]
};

navigator.credentials.create({ publicKey })
  .then(function (newCredentialInfo) {
    // send attestation response and client extensions
    // to the server to proceed with the registration
    // of the credential
  }).catch(function (err) {
    console.error(err);
  });
```
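
The userVerification value is only a request made by the page's script, so the relying party still has to read the UV flag out of authenticatorData itself. The following is an added example, not part of the original page: it assumes the authenticatorData bytes have already been extracted (by CBOR-decoding attestationObject, or taken from AuthenticatorAssertionResponse.authenticatorData), and the function names are hypothetical.

```javascript
// Added example: relying-party check of the flags byte in authenticatorData.
// Layout (WebAuthn): rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // bit 0: user present
const FLAG_UV = 0x04; // bit 2: user verified
const FLAG_AT = 0x40; // bit 6: attested credential data included

function parseAuthenticatorData(authData) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    throw new RangeError("authenticatorData must be a Uint8Array of at least 37 bytes");
  }
  const flags = authData[32];
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  return {
    rpIdHash: authData.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    hasAttestedCredentialData: (flags & FLAG_AT) !== 0,
    signCount: view.getUint32(33, false), // big-endian
  };
}

// `policy` is the userVerification value the server placed in the creation options.
function checkUserVerification(authData, policy) {
  const parsed = parseAuthenticatorData(authData);
  if (!parsed.userPresent) {
    return { ok: false, reason: "UP flag not set" };
  }
  if (policy === "required" && !parsed.userVerified) {
    return { ok: false, reason: "UV flag not set but userVerification was required" };
  }
  // For "preferred"/"discouraged", report the flag so the caller can record it.
  return { ok: true, userVerified: parsed.userVerified };
}

// Constructed sample input: placeholder rpIdHash, chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes.fill(0xab, 0, 32); // stand-in for SHA-256 of the RP ID
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

console.log(checkUserVerification(sampleAuthData(FLAG_UP | FLAG_UV | FLAG_AT, 1), "required"));
console.log(checkUserVerification(sampleAuthData(FLAG_UP | FLAG_AT, 1), "required"));
console.log(checkUserVerification(sampleAuthData(FLAG_UP | FLAG_AT, 1), "preferred"));
```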
Specifications
Specification | Status | Comment |
---|---|---|
Web Authentication: An API for accessing Public Key Credentials Level 1 The definition of 'authenticatorSelection' in that specification. | Recommendation | Initial definition. |
Browser compatibility
Feature | Chrome | Edge | Firefox | IE | Opera | Safari | WebView Android | Chrome Android | Firefox Android | Opera Android | Safari iOS | Samsung Internet Android |
---|---|---|---|---|---|---|---|---|---|---|---|---|
authenticatorSelection | Full support 67 | Full support ≤79 | Full support 60 | Compatibility unknown | Compatibility unknown | Full support 13 | No support | Full support 67 | Compatibility unknown | Compatibility unknown | Full support 13.3 | No support |
See also
- PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
- AuthenticatorAssertionResponse.authenticatorData, whose structure contains the UV flag (please note that for the creation operation, AuthenticatorAttestationResponse.attestationObject only contains a CBOR encoded version of this data and does not give an immediate access to the flag).